Add tracker rate limiter
This commit is contained in:
parent
11fa7d392a
commit
9b67da3d9b
39
server.ts
39
server.ts
|
@ -10,13 +10,8 @@ if (isTestInstance()) {
|
||||||
// ----------- Node modules -----------
|
// ----------- Node modules -----------
|
||||||
import * as bodyParser from 'body-parser'
|
import * as bodyParser from 'body-parser'
|
||||||
import * as express from 'express'
|
import * as express from 'express'
|
||||||
import * as http from 'http'
|
|
||||||
import * as morgan from 'morgan'
|
import * as morgan from 'morgan'
|
||||||
import * as bitTorrentTracker from 'bittorrent-tracker'
|
|
||||||
import * as cors from 'cors'
|
import * as cors from 'cors'
|
||||||
import { Server as WebSocketServer } from 'ws'
|
|
||||||
|
|
||||||
const TrackerServer = bitTorrentTracker.Server
|
|
||||||
|
|
||||||
process.title = 'peertube'
|
process.title = 'peertube'
|
||||||
|
|
||||||
|
@ -75,7 +70,9 @@ import {
|
||||||
feedsRouter,
|
feedsRouter,
|
||||||
staticRouter,
|
staticRouter,
|
||||||
servicesRouter,
|
servicesRouter,
|
||||||
webfingerRouter
|
webfingerRouter,
|
||||||
|
trackerRouter,
|
||||||
|
createWebsocketServer
|
||||||
} from './server/controllers'
|
} from './server/controllers'
|
||||||
import { Redis } from './server/lib/redis'
|
import { Redis } from './server/lib/redis'
|
||||||
import { BadActorFollowScheduler } from './server/lib/schedulers/bad-actor-follow-scheduler'
|
import { BadActorFollowScheduler } from './server/lib/schedulers/bad-actor-follow-scheduler'
|
||||||
|
@ -116,33 +113,6 @@ app.use(bodyParser.json({
|
||||||
limit: '500kb'
|
limit: '500kb'
|
||||||
}))
|
}))
|
||||||
|
|
||||||
// ----------- Tracker -----------
|
|
||||||
|
|
||||||
const trackerServer = new TrackerServer({
|
|
||||||
http: false,
|
|
||||||
udp: false,
|
|
||||||
ws: false,
|
|
||||||
dht: false
|
|
||||||
})
|
|
||||||
|
|
||||||
trackerServer.on('error', function (err) {
|
|
||||||
logger.error('Error in websocket tracker.', err)
|
|
||||||
})
|
|
||||||
|
|
||||||
trackerServer.on('warning', function (err) {
|
|
||||||
logger.error('Warning in websocket tracker.', err)
|
|
||||||
})
|
|
||||||
|
|
||||||
const server = http.createServer(app)
|
|
||||||
const wss = new WebSocketServer({ server: server, path: '/tracker/socket' })
|
|
||||||
wss.on('connection', function (ws) {
|
|
||||||
trackerServer.onWebSocketConnection(ws)
|
|
||||||
})
|
|
||||||
|
|
||||||
const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer)
|
|
||||||
app.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' }))
|
|
||||||
app.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' }))
|
|
||||||
|
|
||||||
// ----------- Views, routes and static files -----------
|
// ----------- Views, routes and static files -----------
|
||||||
|
|
||||||
// API
|
// API
|
||||||
|
@ -155,6 +125,7 @@ app.use('/services', servicesRouter)
|
||||||
app.use('/', activityPubRouter)
|
app.use('/', activityPubRouter)
|
||||||
app.use('/', feedsRouter)
|
app.use('/', feedsRouter)
|
||||||
app.use('/', webfingerRouter)
|
app.use('/', webfingerRouter)
|
||||||
|
app.use('/', trackerRouter)
|
||||||
|
|
||||||
// Static files
|
// Static files
|
||||||
app.use('/', staticRouter)
|
app.use('/', staticRouter)
|
||||||
|
@ -181,6 +152,8 @@ app.use(function (err, req, res, next) {
|
||||||
return res.status(err.status || 500).end()
|
return res.status(err.status || 500).end()
|
||||||
})
|
})
|
||||||
|
|
||||||
|
const server = createWebsocketServer(app)
|
||||||
|
|
||||||
// ----------- Run -----------
|
// ----------- Run -----------
|
||||||
|
|
||||||
async function startApplication () {
|
async function startApplication () {
|
||||||
|
|
|
@ -5,3 +5,4 @@ export * from './feeds'
|
||||||
export * from './services'
|
export * from './services'
|
||||||
export * from './static'
|
export * from './static'
|
||||||
export * from './webfinger'
|
export * from './webfinger'
|
||||||
|
export * from './tracker'
|
||||||
|
|
91
server/controllers/tracker.ts
Normal file
91
server/controllers/tracker.ts
Normal file
|
@ -0,0 +1,91 @@
|
||||||
|
import { logger } from '../helpers/logger'
|
||||||
|
import * as express from 'express'
|
||||||
|
import * as http from 'http'
|
||||||
|
import * as bitTorrentTracker from 'bittorrent-tracker'
|
||||||
|
import * as proxyAddr from 'proxy-addr'
|
||||||
|
import { Server as WebSocketServer } from 'ws'
|
||||||
|
import { CONFIG, TRACKER_RATE_LIMITS } from '../initializers/constants'
|
||||||
|
|
||||||
|
const TrackerServer = bitTorrentTracker.Server
|
||||||
|
|
||||||
|
const trackerRouter = express.Router()
|
||||||
|
|
||||||
|
let peersIps = {}
|
||||||
|
let peersIpInfoHash = {}
|
||||||
|
runPeersChecker()
|
||||||
|
|
||||||
|
const trackerServer = new TrackerServer({
|
||||||
|
http: false,
|
||||||
|
udp: false,
|
||||||
|
ws: false,
|
||||||
|
dht: false,
|
||||||
|
filter: function (infoHash, params, cb) {
|
||||||
|
let ip: string
|
||||||
|
|
||||||
|
if (params.type === 'ws') {
|
||||||
|
ip = params.socket.ip
|
||||||
|
} else {
|
||||||
|
ip = params.httpReq.ip
|
||||||
|
}
|
||||||
|
|
||||||
|
const key = ip + '-' + infoHash
|
||||||
|
|
||||||
|
peersIps[ip] = peersIps[ip] ? peersIps[ip] + 1 : 1
|
||||||
|
peersIpInfoHash[key] = peersIpInfoHash[key] ? peersIpInfoHash[key] + 1 : 1
|
||||||
|
|
||||||
|
if (peersIpInfoHash[key] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP_PER_INFOHASH) {
|
||||||
|
return cb(new Error(`Too many requests (${peersIpInfoHash[ key ]} of ip ${ip} for torrent ${infoHash}`))
|
||||||
|
}
|
||||||
|
|
||||||
|
return cb()
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
trackerServer.on('error', function (err) {
|
||||||
|
logger.error('Error in tracker.', { err })
|
||||||
|
})
|
||||||
|
|
||||||
|
trackerServer.on('warning', function (err) {
|
||||||
|
logger.warn('Warning in tracker.', { err })
|
||||||
|
})
|
||||||
|
|
||||||
|
const onHttpRequest = trackerServer.onHttpRequest.bind(trackerServer)
|
||||||
|
trackerRouter.get('/tracker/announce', (req, res) => onHttpRequest(req, res, { action: 'announce' }))
|
||||||
|
trackerRouter.get('/tracker/scrape', (req, res) => onHttpRequest(req, res, { action: 'scrape' }))
|
||||||
|
|
||||||
|
function createWebsocketServer (app: express.Application) {
|
||||||
|
const server = http.createServer(app)
|
||||||
|
const wss = new WebSocketServer({ server: server, path: '/tracker/socket' })
|
||||||
|
wss.on('connection', function (ws, req) {
|
||||||
|
const ip = proxyAddr(req, CONFIG.TRUST_PROXY)
|
||||||
|
ws['ip'] = ip
|
||||||
|
|
||||||
|
trackerServer.onWebSocketConnection(ws)
|
||||||
|
})
|
||||||
|
|
||||||
|
return server
|
||||||
|
}
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
export {
|
||||||
|
trackerRouter,
|
||||||
|
createWebsocketServer
|
||||||
|
}
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
function runPeersChecker () {
|
||||||
|
setInterval(() => {
|
||||||
|
logger.debug('Checking peers.')
|
||||||
|
|
||||||
|
for (const ip of Object.keys(peersIpInfoHash)) {
|
||||||
|
if (peersIps[ip] > TRACKER_RATE_LIMITS.ANNOUNCES_PER_IP) {
|
||||||
|
logger.warn('Peer %s made abnormal requests (%d).', ip, peersIps[ip])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
peersIpInfoHash = {}
|
||||||
|
peersIps = {}
|
||||||
|
}, TRACKER_RATE_LIMITS.INTERVAL)
|
||||||
|
}
|
|
@ -450,6 +450,14 @@ const FEEDS = {
|
||||||
|
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
const TRACKER_RATE_LIMITS = {
|
||||||
|
INTERVAL: 60000 * 5, // 5 minutes
|
||||||
|
ANNOUNCES_PER_IP_PER_INFOHASH: 10, // maximum announces per torrent in the interval
|
||||||
|
ANNOUNCES_PER_IP: 30 // maximum announces for all our torrents in the interval
|
||||||
|
}
|
||||||
|
|
||||||
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
// Special constants for a test instance
|
// Special constants for a test instance
|
||||||
if (isTestInstance() === true) {
|
if (isTestInstance() === true) {
|
||||||
ACTOR_FOLLOW_SCORE.BASE = 20
|
ACTOR_FOLLOW_SCORE.BASE = 20
|
||||||
|
@ -482,6 +490,7 @@ export {
|
||||||
AVATARS_SIZE,
|
AVATARS_SIZE,
|
||||||
ACCEPT_HEADERS,
|
ACCEPT_HEADERS,
|
||||||
BCRYPT_SALT_SIZE,
|
BCRYPT_SALT_SIZE,
|
||||||
|
TRACKER_RATE_LIMITS,
|
||||||
CACHE,
|
CACHE,
|
||||||
CONFIG,
|
CONFIG,
|
||||||
CONSTRAINTS_FIELDS,
|
CONSTRAINTS_FIELDS,
|
||||||
|
|
Loading…
Reference in New Issue
Block a user